evanflow-prd
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from external project files to synthesize a PRD. An attacker with control over these files could embed instructions to manipulate the agent.
  - Ingestion points: `CLAUDE.md`, `CONTEXT.md`, `docs/adr/`, and `docs/stakeholder/*.md`.
  - Boundary markers: The instructions lack delimiters or warnings to ignore instructions found within the source context.
  - Capability inventory: The skill can create new files in the local workspace and execute the `gh issue create` command.
  - Sanitization: No input validation or sanitization is mentioned.
- [COMMAND_EXECUTION]: The skill uses the `gh issue create` command to create GitHub issues. While it requires explicit user consent, this tool could be used to export content influenced by malicious instructions in the processed context.
Audit Metadata